DAILY NEWS: September (18/09 - 24/09) - Week 38 of 2022
Cyber Security and Information Security News - Daily Updates!! Weekly Review

24/09
15 Year Old Python Bug Let Hacker Execute Code in 350k Python Projects
American Airlines learned it was breached from phishing targets
Criminals are using QR codes to target victims - how to avoid 'most insidious' scam
Hackers Exploited Zero-Day RCE Vulnerability in Sophos Firewall — Patch Released
Israel Bolsters Digital Defense Amid Iran Cyber Threat – Analysis
Landbank warns of phishing scam via Google Ads search
London Police Arrested 17-Year-Old Hacker Suspected of Uber and GTA 6 Breaches
Microsoft SQL servers hacked in TargetCompany ransomware attacks
OneTouchPoint data breach investigation: Who’s affected?
Optus confirms customer data breach, says passport data may be affected
Optus issues data scam alert to customers
Ransomware attacks on healthcare organizations have devastating results for providers & patients
Some Questions answered by the GTA 6 Leaks and others left hanging
Take-Two confirms cyber attack on 2K Games
TAP cyberattack: Portuguese president's personal data stolen
What is a cyber insurance policy? Should you buy one?
23/09
As Cyberattacks Intensify, Orgs Don’t Report Incidents
Australian Telecoms company Optus discloses security breach
Beware fake anti-virus reviews
CISA Warns of Hackers Exploiting Recent Zoho ManageEngine Vulnerability
Critical ManageEngine RCE flaw is being exploited (CVE-2022-35405)
Cyber attack threat: Dumfries and Galloway Council on alert
Cyber Security & Cloud Expo: Examining the 2022 malware landscape
Cyprus and Romania build ties on cybersecurity, innovation and entrepreneurship
Europol "Hackathon" Identifies Scores of Human Trafficking Victims
Fake Indian Banking Rewards Apps Targeting Android Users with Info-stealing Malware
Firing Your Entire Cybersecurity Team? Are You Sure?
Hackers Using Malicious OAuth Apps to Take Over Email Servers
How does identity crime affect victims?
Learn How To Be A Good Hacker With The 2023 Cyber Security Ethical Hacking Bundle With 98% Off
Massive cyber attack in Australia; nearly 10 million people affected
Microsoft shares workarounds for Windows Group Policy issues
Mitigating the cybersecurity crisis for the school year ahead
Multi-million dollar credit card fraud operation uncovered
NSA Reveals "Hackers' Playbook" for OT Attacks
Optus cyber-attack could involve customers dating back to 2017
Optus Cyber-attack | What You Need to Know
Revolut hit by ‘highly targeted’ cyber attack
Risk management focus shifts from external to internal exposure
Seven-Year Mobile Surveillance Campaign Targets Uyghurs
Supply chain cyber security series
This image contains its own MD5 checksum — and it's kind of a big deal
Void Balaur Hackers-for-Hire Targeting Russian Businesses and Politics Entities
Why MFA matters: These attackers cracked admin accounts then used Exchange to send spam
22/09
15-Year-Old Unpatched Python Vulnerability Potentially Affects Over 350,000 Projects
Authorized Push Payments Surge to 75% of Banking Fraud
BlackCat ransomware’s data exfiltration tool gets an upgrade
Critical Magento vulnerability targeted in new surge of attacks
Customers’ personal data stolen as Optus suffers massive cyber-attack
Data Stolen: TAP Air Portugal Suffers Cyberattack
Fake Banking Rewards Apps Install Info-stealing RAT on Android Phones
Google Chrome users looking to download pirated software at risk of new malware infection
Hackers stealing GitHub accounts using fake CircleCI notifications
Hackers Targeting Unpatched Atlassian Confluence Servers to Deploy Crypto Miners
How to Prevent Ransomware as a Service (RaaS) Attacks
Iranian Hackers Hid in Albanian Networks for Over a Year
IT Security Takeaways from the Wiseasy Hack
Los Angeles school district receives ransom demand from Labor Day weekend cyberattacker
Malicious NPM Package Caught Mimicking Material Tailwind CSS Package
Microsoft Exchange servers hacked via OAuth apps for phishing
Morgan Stanley Fined $35m By SEC For Data Security Lapse
National Security Agency (NSA) shares guidance to help secure OT/ICS critical infrastructure
Nelnet loan service data breach: What you should know
OpIran – Anonymous Hits Iranian State Sites, Hacks Over 300 CCTV Cameras
Optus attack exposes customer information
Optus data breach: who is affected, what has been taken and what should you do?
Optus Hit By Cyber-Attack, Breach Affects Nearly 10 Million Customers
Preventing the Recruitment of Insider Threat Actors
Python tarfile vulnerability affects 350,000 open-source projects (CVE-2007-4559)
Researchers Disclose Critical Vulnerability in Oracle Cloud Infrastructure
Researchers Uncover Years-Long Mobile Spyware Campaign Targeting Uyghurs
Russia-Based Hackers FIN11 Impersonate Zoom to Conduct Phishing Campaigns
SMBs vs. large enterprises: Not all compromises are created equal
Threat actors have their insider threats, too
Three Iranian Nationals Charged in Critical Services Scheme
Twitter Password Reset Bug Exposed User Accounts
Uber hack reveals key security lapses; here’s how firms can avoid them
Up to 9 million Aussies affected in major Optus data breach
US Agency Broke Into China’s Telecom Networks, State Media Says
US’ NSA infiltrates China’s data infrastructure in cyberattack on leading university
Waterloo Region District School Board (WRDSB) lawyer clarifies police timeline in cyber attack
What you need to know about Evil-Colon attacks
21/09
2K Games Support Desk Hacked, Phishing Emails Sent To Certain Players
2K warns of cyber attack of its customer support
3 free Linux security training courses you can take right now
4 key takeaways from “XDR is the Perfect Solution for SMEs” webinar
20/20 visibility is paramount to network security
350K Open-Source Projects At Risk of Supply Chain Vulnerability
Agent-based vs. agentless security: Pros and cons
American Airlines confirms data breach exposing some customers’ data
Best practices to bolster software supply chain security
ChromeLoader, what took you so long? Malvertising irritant now slings ransomware
Companies Without Zero Trust Could Lose $1M More During a Data Breach
Critical Remote Hack Flaws Found in Dataprobe's Power Distribution Units
Crypto Trading Firm Wintermute Loses $160 Million in Hacking Incident
DDoS and bot attacks in 2022: Business sectors at risk and how to defend
Domain shadowing becoming more popular among cybercriminals
FBI: Iranian hackers lurked in Albania’s govt network for 14 months
Is $15.6 billion enough to protect critical infrastructure?
LinkedIn Smart Links abused in evasive email phishing attacks
LockBit ransomware builder leaked online by “angry developer”
Malwarebytes mistakenly blocks Google, YouTube for malware
Microsoft Upgrades Windows 11 With New Security Features
Multiple Vulnerabilities Discovered in Dataprobe's iBoot-PDUs
NCSC: British Retailers Need to Move Beyond Passwords
New York Racing Association confirms hack by Hive ransomware group
Ninety Percent of Organizations Struggle with Ransomware
Open Source Repository Attacks Soar 700% in Three Years
Over 39,000 Unauthenticated Redis Instances Found Exposed on the Internet
Record DDoS Attack with 25.3 Billion Requests Abused HTTP/2 Multiplexing
Security lessons to learn after the Uber data breach
South Redford Schools closed again after cyber attack
Survey Reveals the Severity of Cloud Security Challenge
The explosion of data is beyond human ability to manage
The Multi-Cloud is The New Normal, But Creates Key Security Challenges
The rise of ‘PhaaS’ — and a roadmap to mitigate ‘Phishing-as-a-Service’
Twitter failed to log you out of all devices after password resets
Two-Fifths of US Consumers Suffer Personal Data Theft
Unpatched 15-year old Python bug allows code execution in 350k projects
U.S. Adds 2 More Chinese Telecom Firms to National Security Threat List
US to award $1B to state, local, and territorial governments to improve cyber resilience
Video Game Publisher Admits Helpdesk Was Hijacked
What Is Ransomware? A Guide to Ransomware Prevention and Removal
Why Zero Trust Should be the Foundation of Your Cybersecurity Ecosystem
Windows 11 gets better protection against SMB brute-force attacks
20/09
American Airlines Admits Data Breach
American Airlines Breach Exposes Customer and Staff Information
American Airlines hit by data breach
American Airlines says data breach affected some customers, employees
City Furniture, Inc. Files Notice of Data Breach
Common medical devices ripe for cyberattack, LTC prone to security breaches
Critical Vulnerability in Oracle Cloud Infrastructure Allowed Unauthorized Access
Cyber Threat Detection: The First Layer of Defence in Depth
Cyber Security Awareness Master Plan to be ready in 2023: MKN
Europol and Bitdefender Jointly Release LockerGoga Decryptor
Game dev 2K’s support site hacked to push malware via fake tickets
Grand Theft Auto Publisher Rockstar Games Hacked
GTA 6: FBI investigates alleged Rockstar hacker
Uber hacker claims to have breached Rockstar Games and released GTA 6 videos
Hackers breach cryptocurrency company and steal R$ 800 million
Hackers steal $162 million from Wintermute crypto market maker
Holiday Inn hotel chain hit by cyber attack
How can organizations benefit from full-stack observability?
How to activate Lockdown Mode on macOS Ventura
HowTo: Defend the Legal Sector from Insider Threats
Indonesia finally passes personal data protection law
Kiwi Farms Website Hacked! Admin Warns of Data Leak
Lapsus$, the hacker group that took down Microsoft, now attacks the maker of “GTA 6”
MFA Fatigue: Hackers’ new favorite tactic in high-profile breaches
New CFIUS Executive Order Clarifies Review Factors for Evolving National Security Landscape
NY Ambulance Service Suffers Healthcare Data Breach, 318K Impacted
Open-source software usage slowing down for fear of vulnerabilities, exposures, or risks
Organizations Lack Visibility Into Cloud Access
PebblePad achieves new ISO and cyber-security accreditations
Phishing attacks targeting US government have evolved in sophistication, Cofense reports
Plans for the EU-wide Cyber Resilience Act have been unveiled
Ransomware attack at NY emergency service prompts data breach
Ransomware attacks have nearly doubled since 2020, according to GetApp
Revolut Breach May Have Hit 50,000+ Customers
Revolut data breach: 50,000+ users affected
Revolut mobile banking startup confirms data breach of 50,000 users
Ripple effects of ransomware attack against Suffolk County continue more than a week later
Russian Sandworm Hackers Impersonate Ukrainian Telecoms to Distribute Malware
Social Engineering: How A Teen Hacker Allegedly Managed To Breach Both Uber And Rockstar Games
Take cybersecurity out to where employees and data are coming together
The 25 most popular programming languages and trends
The Innovative CEO Of An Automotive Cyber Security Company
The rise of attacks on critical infrastructure
Uber Blames Lapsus$ for Breach
Uber Blames LAPSUS$ Hacking Group for Recent Security Breach
Uber hit by significant cyber attack
Uber says Lapsus$ gang is behind the recent breach
While Hackers Eye Small Businesses, Ransomware Attacks Decline
Wintermute, crypto market maker, loses US$ 160 million in hacker attack on DeFi operation
19/09
Akamai APJ Ransomware Report H1 2022 - Summary
Alleged Grand Theft Auto 6 (GTA6) gameplay videos and source code leaked online
Cisco admits that the Yanluowang ransomware gang stole data from its network
Critical Infrastructure Takes Center Stage
Crypto giveaway scams continue to escalate
Emotet Botnet Started Distributing Quantum and BlackCat Ransomware
Europol and Bitdefender Release Free Decryptor for LockerGoga Ransomware
Experts warn of critical flaws in Flexlan devices that provide WiFi on airplanes
Google, Meta FINED about US$72 million in South Korea for data breach
GTA 6 in-development footage leaked, hack still unconfirmed
GTA 6 leaked: Hacker leaks over 90 gameplay videos showcasing alleged build
Hackers target gamers in SA, Kenya
High severity vulnerabilities found in Harbor open-source artifact registry
How to Know if You’ve Been Caught up in a Data Breach, and What You Can Do About It
Indonesia hunts for Bjorka, hacker selling 1.3b SIM card users’ data, taunting officials
It’s 2022 – Are Passwords Still Important?
LastPass publishes details of the cyber attack it received
Microsoft Teams' GIFShell Attack: What Is It and How You Can Protect Yourself from It
Microsoft Warns of Large-Scale Click Fraud Campaign Targeting Gamers
Most critical security gaps in the public cloud
Pacific Asia Travel Association (PATA) cautions on mailing list scam
Prevention remains best strategy when dealing with cyber risks - Lewis Clark
Revolut Bank reveals that it has suffered a data breach on its data security
Revolut hack exposes data of 50,000 users, fuels new phishing wave
SaaS Security Issues Driven by Sprawl, Lack of Visibility
Schrodinger’s Misconfigurations
Securing your Apple device front through unified endpoint management
Starbucks SG involved in data breach
TeamTNT is back and targets servers to run Bitcoin encryption solvers
The impact of location-based fraud
The Security Awareness Of People Is The Important Firewall In IT
Trend Micro warns of attack surge, targets more sectors
Uber Hacker Claims To Have Hacked Rockstar Games, Releases GTA 6 Videos
What do SOC analysts need to be successful?
Where to Find the Best Healthcare Software Developers
18/09
After GTA 6 leak, alleged hacker wants to negotiate GTA 5 source code
Indonesia hunts for Bjorka, hacker selling 1.3b SIM card users' data, taunting officials
Bangladesh is at serious risk of cyber crimes
CERT-In issues new advisory for smartphone users as cybercrime cases rise
ClearBalance, Bricker & Eckler settle data breach lawsuits involving patient data
Deleted popular hotel chain’s data ‘for fun,’ claims hacker couple
Elder fraud is real. Tell your parents, grandparents and friends about these scams
GTA 6 Hacker Claims He Also Hacked Into Uber
GTA 6 hacker has access to source code, shares 10K lines of code
Hacker couple erased hotel group's data for fun: Report
Hacker Couple Who Erased Hotel Chain Data Mock Terrible Password
Hunt on for hacker who leaked over one billion Indonesians’ data
Large cache of GTA 6 development footage may have leaked online
Lloyds Bank issues alert on council tax scam targeting 'anyone with an email account'
Malvertising: How to avoid falling for these malware-infested ads
Microsoft Teams deemed unsafe to use by security researchers
Piracy Advertising Researchers Fall Victim to Ransomware Attacks
Starbucks Singapore’s Database Gets Breached
Staying ahead of scammers an opportunity for S'pore to boost its financial reputation: Experts
TeamTNT hijacking servers to run Bitcoin encryption solvers
The Storage Manager’s Quick-Guide to Ransomware Resiliency
Uber Data Breach: Company Says No Private Users' Data Compromised
Uber probing data breach incident involving ‘internal systems’
Uber says services are operational following data breach
Watford Community Housing denies scam calls due to data breach
What is Sova virus? All you need to know about the new mobile banking virus
What to do if you were a corporate hack victim